Tobias Bocanegra wrote: > what's wrong with commons-lang StringEscapeUtils.escapeHTML [0] ? > or with jstl c:out [1] ? Nothing, but it adds another dependency. Writing an escape function is not rocket science, so we might rather add our own instead of adding a dep to another lib just because of ten lines of code.
>> 5. Optional: we could add a method to HtmlEncodingValueMap which allows >> to get the unencoded value. > i would rather add a method that gives access to the underlying map, eg: > ValueMap getUnencodedMap() Yepp, sounds good. > from my experience you usually need both during the "lifetime" of a > jsp. i would find it irritating, if i need to deal with 2 maps. Yes, this depends on your use case - from my experience you really rarely need unescaped output - but of course everyone has a different backgroudn. > i would rather have a new methods on ValueMap, like: > > <T> T getHtmlEscaped(java.lang.String s, java.lang.Class<T> tClass); > > <T> T getHtmlEscaped(java.lang.String s, T t); Yes, but the value map is an interface implemented by resource providers. Resource providers do not care about any output format, being this html, xml, pdf, whatever. We would end up with adding special methods for each "relevant" output format. And in turn require implementors to implement these methods over and over again instead of doing it exactly once for an output format. Carsten -- Carsten Ziegeler [email protected]
